¶ Audits multi target scan system
In Audits (Multi) users can create projects to work with many targets at the same time. This means that you can create many projects, and in any of this projects you can scan many different targets in one scan.
For example in on Multi target project and you can add URL, IPv4, IPA application file, link to source code or archive, Username, Email, and others available targets. Then you can choose audits for different targets and our system automatically choose which audits run on target, this will depend on which purpose the audits you select are suitable for.
Also in multi target audit system users have additional opportunity to create Exploit Monitoring project, to automatically monitoring new potential vulnerabilities and exploits of your web resource in real time.
Here is an example of how Exploit Monitoring works.
And Breach Detection projects that allow you to automatically track already leaked information about Recon assets and detect new leaks in time, such as Urls leaked info, phishing domains, usernames and email addresses their credentials and accounts, companies close information, private information about bank card numbers.
Here is an example of how Breach Detection works.
¶ Multi targets project creation
Users can directly create multi targets project, with same asset type, from Add assets page.
For example, You can click on Url asset icon and enter multiple url targets or upload txt file with them and go to multi target project.
Or Users can add assets with different types and create multi targets project later from assets dashboard.
Then you can go directly to project or open created project from multi target projects list.
¶ Project running
After opening project you can choose and run audits from Configure & Run page.
Audits can be runned in standart mode, where results for different types of assets will be displayed all together in one scan workflow.
Or you can run audits in "Split" mode, where the results for different assets will be split in different scan workflows and you will only be able to see the results for one asset in each workflow.
Also you can schedule a scan and choose the exact start time of the scan, or you can set up a rescan in simple and advanced variants.
¶ Scan results
Users can see their Scan Workflows on Workflow Configs Tab in simple Lite and more detailed Advanced mode.
Scan Details placed in Storage tab and splited on five tabs such as:
¶ Total Amount of data
Here, users can see the total amount of all data found in the current scan workflow.
¶ Audits Results
Here are the work results of all audits in this scan workflow.
Audits results can be sorted using various filters and opened to view more detailed information about the results, and Facts and Solutions related to this result.
¶ Facts
Facts are valuable information extracted from scan results, depending on the data found, facts have different characteristics such as severity, css3 score and CWE number.
Same as with Audit results, Users can sort and open a fact and see a description of what information or vulnerability was discovered, provide its number and classification in vulnerability databases, an overall threat score, and more.
Also by clicking on Show Modal you can open audit scan result which give this Fact
¶ Solutions
Solutions are similar to Fact, but the give you advice on fixing founded vulnerabilities.
As with the facts, users can sort and open the solution to see recommendations for fixing the discovered vulnerability.
Also by clicking on Show Modal you can open audit scan result which give this Solution
¶ Resources
Resource extraction systems extract information about the target's web resources from results.
Multiple results are parsed and recognized as resources after being analyzed based on its type: URL, Domain, Subdomain, Email, CVE, IPv4, IPv6 and more others.
Also Users can see scan logs in Control tab.
And for user convenience Audits multi target scan results available on Workspace services dashboard.
¶ Additional fuctions
In addition to the results in the project Dashboard, users can view graphs of added assets.
And track project Activity
Users Notes where you can create notes and checklists in them however you like.
